Download Palo Alto Networks Certified Network Security Engineer.CertDumps.PCNSE.v7-0.2020-06-11.1e.98q.vcex

A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. 
Which option will protect the individual servers?

• A: Enable packet buffer protection on the Zone Protection Profile.
• B: Apply an Anti-Spyware Profile with DNS sinkholing.
• C: Use the DNS App-ID with application-default.
• D: Apply a classified DoS Protection Profile.

Correct Answer: A

An administrator has users accessing network resources through Citrix XenApp 7.x.  
Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?

• A: Client Probing
• B: Terminal Services agent
• C: GlobalProtect
• D: Syslog Monitoring

Correct Answer: B

An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS® software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web-browsing traffic from any to any zone. 
What must the administrator configure so that the PAN-OS® software can be upgraded?

• A: Security policy rule
• B: CRL
• C: Service route
• D: Scheduler

Correct Answer: A

Which option is part of the content inspection process?

• A: Packet forwarding process
• B: SSL Proxy re-encrypt
• C: IPsec tunnel encryption
• D: Packet egress process

Correct Answer: B

An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing. 
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL. 
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

• A: Create a decryption rule matching the encrypted BitTorrent traffic with action “No-Decrypt,” and place the rule at the top of the Decryption policy.
• B: Create a Security policy rule that matches application “encrypted BitTorrent” and place the rule at the top of the Security policy.
• C: Disable the exclude cache option for the firewall.
• D: Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.

Correct Answer: B

Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services? 

• A: Configure a Decryption Profile and select SSL/TLS services.
• B: Set up SSL/TLS under Policies > Service/URL Category>Service.
• C: Set up Security policy rule to allow SSL communication.
• D: Configure an SSL/TLS Profile.

Correct Answer: D

Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

• A: ACC
• B: System Logs
• C: App Scope
• D: Session Browser

Correct Answer: D

Which CLI command can be used to export the tcpdump capture?

• A: scp export tcpdump from mgmt.pcap to <[email protected]:path>
• B: scp extract mgmt-pcap from mgmt.pcap to <[email protected]:path>
• C: scp export mgmt-pcap from mgmt.pcap to <[email protected]:path>
• D: download mgmt-pcap

Correct Answer: C

Which three options are supported in HA Lite? (Choose three.)

• A: Virtual link
• B: Active/passive deployment
• C: Synchronization of IPsec security associations
• D: Configuration synchronization
• E: Session synchronization

Correct Answer: BCD

Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

• A: debug system details
• B: show session info
• C: show system info
• D: show system details

Correct Answer: C